As is well known, payment cards such as credit cards and debit cards are widely used in point-of-sale and online transactions. Unfortunately, conventional payment cards can be subject to unauthorized use if lost or stolen.
A number of techniques have been developed which attempt to increase the security of a payment card. One example is described in U.S. Patent Application Publication No. 2002/0043566, entitled “Transaction Card and Method for Reducing Frauds.” In this approach, a card is provided with a counter that increments each time the card is activated. This counter value is used with a key string in a cryptographic algorithm to produce a signature. The signature is transmitted with other data to a server of a bank, credit card provider or security department. The server uses the signature and other transmitted data to determine if the transaction is valid.
Another example of a conventional approach is described in U.S. Patent Application Publication No. 2005/0252961, entitled “Charge Card and Debit Transactions Using a Variable Charge Number.” In this approach, a different charge number is assigned for every charge transaction. The card does not contain the entire string of numbers that are required for charging. Instead, the charge number is constructed as a combination of the card number and a variable, random number generated through a pre-authorization phase. A new random number is issued for every charge, is good for a maximum pre-authorized charge amount and a specific merchant, and expires after a limited period of time.
These and other conventional techniques, however, fail to provide an adequate solution to the problem. For example, the use of a separate signature requires significant modification of the currently deployed payment card authentication infrastructure, which is clearly undesirable. Also, the use of a separate pre-authorization phase for every transaction can introduce undue delay in the processing of point-of-sale and online transactions.
Accordingly, a need exists for an improved approach to providing enhanced security in a credit card or other type of payment card.